New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix integer overflow in wordwrap #1738

Closed
wants to merge 3 commits into
base: master
from

Conversation

3 participants
@jakkdu
Copy link
Contributor

jakkdu commented Jan 24, 2016

Since integer overflow can be occurred in wordwrap,
input text length needs to be checked.

This is PoC code which cause SEGFAULT in 32bit Ubuntu

[ 4835.338030] php[32661]: segfault at 41414149 ip 082f6b6a sp bfd33de0
error 4 in php[8048000+837000]

fix potential overflow in wordwrap
Since integer overflow can be occurred in wordwrap,
input text length needs to be checked.

This is PoC code which cause SEGFAULT in 32bit Ubuntu

<?php
  $text1 = str_repeat("A", 65536);
  $text2 = str_repeat("B", 65536 - 1);
  $newtext = wordwrap($text1, -1, $text2);
?>

[ 4835.338030] php[32661]: segfault at 41414149 ip 082f6b6a sp bfd33de0
error 4 in php[8048000+837000]

@jakkdu jakkdu changed the title fix potential overflow in wordwrap fix integer overflow in wordwrap Jan 24, 2016

@jerrygrey

This comment has been minimized.

Copy link

jerrygrey commented Jan 24, 2016

Don't you mean Integer overflow *HAS* occurred instead of Integer overflow *IS* occurred?

@jakkdu

This comment has been minimized.

Copy link
Contributor

jakkdu commented Jan 24, 2016

Sorry for my bad English :)
I fixed an error message.

jakkdu added some commits Jan 24, 2016

@php-pulls

This comment has been minimized.

Copy link

php-pulls commented Jan 28, 2016

Comment on behalf of yohgaki at php.net:

The fix is committed, but safe alloc is used. Thank you for PR and report

@php-pulls php-pulls closed this Jan 28, 2016

@jakkdu

This comment has been minimized.

Copy link
Contributor

jakkdu commented Jan 28, 2016

Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment